Method and arrangement for ciphering information transfer

ABSTRACT

The invention relates to a method and arrangement for ciphering an information transfer connection. The invention can be advantageously applied in a TDMA (Time Division Multiple Access) cellular system offering broadband circuit switched services. An essential idea of the invention is that the information to be ciphered in a transmission burst is divided into at least two blocks ( 730 ) and said blocks are ciphered in ways that are not identical with each other ( 750  to  770 ). Then the reliability of ciphering is better because the amount of information encoded using one and the same ciphering algorithm and key is smaller. In addition, the reliability of the ciphering can be varied by changing the number and/or size of the information blocks in a burst.

BACKGROUND OF THE INVENTION

The invention relates to a method and arrangement for cipheringinformation transfer. The invention can be advantageously applied in atime division multiple access (TDMA) cellular system offering broadbandcircuit switched services.

The prior art will be now described, discussing first the use of timeslots in the GSM (Global System for Mobile communications) system andthe coding of information in a burst transferred in a time slot. Then itwill be described a known method for ciphering information transfer insaid system as well as the disadvantages related to it.

Current mobile communication networks generally use the time divisionmultiple access (TDMA) method. For example, in the GSM system eachtraffic channel uses TDMA frames comprising eight time slots. In mobilecommunication systems a call is conventionally established in such amanner that one time slot is reserved for the call and the transmissionchannel provided by that time slot is then used for the whole durationof the call. If, however, the mobile station moves from the area of abase station to that of another, a handover is carried out and a channelusing a new time slot is established between the new active base stationand the mobile station.

FIG. 1 shows a GSM TDMA frame comprising eight time slots 0 to 7.Separately shown are transmission frame TX and reception frame RX. Here,transmission frame means a frame sent by the mobile station, i.e. anuplink TDMA frame, and reception frame means a frame received by themobile station, i.e. a downlink TDMA frame. A cross in FIG. 1 marks thetime slot 1 which in the call depicted by the example is used in bothuplink and downlink transmission. It should be noted that in thedownlink and uplink directions there is a delay between the frames,which is why time slots represented by corresponding numbers are notsimultaneous in the different transfer directions.

Broadband high speed circuit switched data (HSCSD) services, in which acall uses more than one time slot in order to speed up thecommunications rate, have been introduced especially for datatransmission services. The number of uplink time slots may be equal tothat of downlink time slots, in which case the configuration issymmetrical, or it may be unequal, in which case the configuration isasymmetrical. Time slots used are specified during call establishmentand the system indicates the time slots used as well as the relatedparameters to the mobile station. Said parameters include, for example,the ciphering key used in ciphering/deciphering. The number of timeslots used can also be changed during a call.

FIG. 2 shows a TDMA frame in conjunction with a HSCSD call using twotime slots 1 and 2 in the uplink direction TX and three time slots 0 to2 in the downlink direction RX.

FIG. 3 illustrates the use of a time slot in the GSM system. A bursttransferred in a time slot contains training sequence symbols TSS 33,two sequences IS1 and IS2 consisting of information symbols, 31 and 32,and tail symbols TS1 and TS2, 30 and 34, respectively. In addition, timeslots are separated by guard periods GP, 35. A conventional GSM systemuses GMSK modulation to modulate the data into the burst.

Furthermore, there are new solutions to increase the transfer capacityby changing the method of modulation of the burst transmitted in a timeslot. One such solution is the so-called EDGE (Enhanced Data rates forGSM Evolution) system which is now being developed and is based on theGSM system. In that solution, GMSK modulation may be replaced by binaryorder quadrature amplitude modulation (B-O-QAM), quadrature orderquadrature amplitude modulation (Q-O-QAM) or by code pulse modulation(CPM), for example. Possible characteristics of the EDGE system aredescribed e.g. in [1]. To illustrate the invention we will examine inthis patent application some of the arrangements to implement the EDGEsystem discussed in said document. Those arrangements will be belowcalled the “EDGE system” although the characteristics of the eventualimplemented EDGE system might be different from those described here.

When using fast modulation, the symbol rate can be generated from a13-MHz clock frequency by dividing by 36, for example, while in theconventional GSM system the divisor is 48. Thus the symbol rate becomes361.111 ksps (kilosymbols per second). When using Q-O-QAM modulation, asymbol comprises 2 bits, so the modulation bit rate is 722.222 kbps(kilobits per second). When using B-O-QAM modulation, a symbol comprisesone bit, so the modulation bit rate is 361.111 kbps.

Table 1 below lists the most important modulation characteristics of theGSM system and the system using QAM modulation.

TABLE 1 Modulation GSM B-O-QAM Q-O-QAM Time slot length 576.92 μs 576.92μs 576.92 μs Clock frequency divisor 48 36 36 Symbol rate 270.833 ksps361.111 ksps 361.111 ksps Symbol sequence length 3.692 μs 2.769 μs 2.769μs Modulation bit rate 270.833 361.111 kbps 722.222 kbps kbps Symbols inburst 156.25 208.333 208.333 Symbols in TDMA frame 1250 1666.6661666.666

So, using QAM modulation, a burst in one time slot can transfer 208.333symbols, whereas the GSM system can only transfer 156.25 symbols.

Table 2 below shows the time slot sequence lengths in the GSM system andin the system based on QAM modulation. The portion of the stealing flagis shown separately in the numbers of information symbols and bits.

TABLE 2 Modulation GSM B-O-QAM Q-O-QAM Tail symbols /TS  3  2  2Information symbols /IS  57 + 1  81 + 1  81 + 1 Information symbols114 + 2 162 + 2 326 + 2 /burst Symbols in training  26  28  28 sequence/TSS Guard period GP  8.25  12.333  12.333 (30.462 μs) (34.153 μs)(34.153 μs)

In the GSM system the ciphering of information transferred is based onthe use of the so-called A5 ciphering algorithm. The ciphering algorithmis used to produce a 114-bit pseudo-random ciphering sequence which isused to encrypt the 114 information bits transferred in one burst. Aciphered 114-bit sequence is produced by performing an exclusive-or(xor) operation between the unciphered information and the cipheringsequence. Similarly, the ciphered information is deciphered at thereceiving end by producing the same ciphering sequence and carrying outan xor operation between the ciphering sequence and the received bitsequence.

The A5 algorithm is not public but as regards its structure it is aconventional ciphering algorithm using two input parameters. The firstinput parameter, so-called COUNT value, is derived from the TDMA framenumber and transferred on the synchronization channel SCH. The COUNTvalue is used for producing ciphering blocks for bursts in sequentialTDMA frames. The second input parameter is a call specific ciphering keyKc which is transferred on a data transmission channel prior to callestablishment.

Different connections and time slots within a TDMA frame aredistinguished using separate ciphering keys. If a connection uses morethan one time slot, ciphering key Kc is used in time slot 0 if that isin use. In addition, ciphering key Kc is used to produce the cipheringkeys Kcn (n=0 to 7) for the other time slots.

The method above is used for creating for all bursts different cipheringbit blocks within a TDMA frame and between TDMA frames. The use ofmultiple input parameters in the A5 algorithm makes it possible to avoidlong text sequences ciphered with one and the same ciphering block. Thisway, the encryption function of the conventional GSM system can be madecomparatively reliable.

Ciphering methods for the GSM system are described in more detail in[2], chapter 4.

Prior-art arrangements, however, have limitations. The reliability ofencryption largely depends on how much information is transferred usingthe same ciphering algorithm and key. The greater the amount ofinformation transferred using the same algorithm/key, the easier it isto crack the encryption. In known arrangements one and the sameciphering algorithm and key are used to code one burst. When the amountof information in the burst is fixed, the encryption has a certainpre-determined reliability. Thus, known arrangements do not allowselection of the reliability level of encryption according to need.

Also, when using modulation methods in which greater amounts of data aremodulated into one burst, the reliability of the encryption becomeslower. A situation may then occur in which the reliability of encryptionis inadequate.

Furthermore, known solutions have the disadvantage that when newmodulation methods are introduced, longer information blocks andciphering sequences have to be handled in conjunction with ciphering,which may call for changes in the transmitter and receiver construction.

SUMMARY OF THE INVENTION

An object of the present invention is to avoid aforementioneddisadvantages of the prior art by providing an arrangement in which theattainable reliability of encryption is better than in known solutionsand in which the level of reliability of encryption can be changed ifdesired.

An essential idea of the invention is that the information transferredin a burst is divided into at least two blocks and said blocks areciphered in a non-identical manner. Then the ciphering reliability isbetter as the amount of information encoded with one and the sameciphering algorithm and key is smaller. Furthermore, the level ofciphering reliability can be changed by altering the number and/or sizeof information blocks in the burst. Since the information block size canbe e.g. 114 bits, which is used in the GSM system, application of theinvention will not require that the construction of the mobile stationbe made more complex.

FIG. 4 shows in general an arrangement according to the invention forciphering the information related to a burst. A block contains Yinformation bits of a burst to be ciphered, divided into s+1 sub-blockseach of which comprises y bits. Sub-blocks are created in accordancewith predetermined rules. In the example depicted in FIG. 4, the bits tobe transferred first are transferred in the first sub-block, the bits tobe transferred second are transferred in the second sub-block, etc.However, other ways of forming the sub-blocks can be applied, too. Sincein the situation according to FIG. 4 the number of information bits in aburst, i.e. the block size Y, is a multiple of the number of bits y in asub-block, all sub-blocks are of the same length. A ciphering sequenceblock 0 to s is formed for each sub-block in a manner described lateron. An xor operation is performed between the information bits andciphering bits, producing Y ciphered information bits for one burst.

FIG. 5 shows a situation in which an information bit block related to aburst, comprising Y bits to be ciphered, is divided into sub-blocks 114bits long. In this case the block size Y is not a multiple of the numberof bits y in a sub-block, so the last sub-block s will not be full. Asthe number of bits in one burst may not necessarily be divisible by 114,the last sub-block s may comprise less than 114 bits. The remaining bitsare the most significant bits of the last sub-block and they are binaryadded to the corresponding bits of the last ciphering block. Theciphering sequence blocks are generated in the same manner as in thesituation depicted in FIG. 4, producing after an xor operation a blockof Y ciphered information bits for one burst.

The method according to the invention for ciphering a TDMA data transfercall, wherein transferred information is modulated into at least oneburst of a TDMA frame and transferred information is ciphered using apredetermined algorithm and ciphering key, is characterized in that

information transferred in one burst is divided into at least twoblocks,

the first block is ciphered using a first ciphering key,

the second block is ciphered using a second ciphering key, and

said first and second ciphering keys are different from each other.

The arrangement according to the invention for ciphering a TDMAinformation transfer connection in a communications system, comprisingmeans for modulating the information to be transferred into at least oneburst of a TDMA frame and means for ciphering the information to betransferred using a predetermined algorithm and at least one cipheringkey, is characterized in that it further comprises means for dividingthe information transferred in said burst into at least two blocks, andmeans for ciphering the first block using a first ciphering key and thesecond block using a second ciphering key, said first and secondciphering keys being different from each other.

The mobile station according to the invention, comprising means forciphering a TDMA information transfer connection, including means formodulating the information to be transferred into at least one burst ofa TDMA frame and means for ciphering the information to be transferredusing a predetermined algorithm and at least one ciphering key, ischaracterized in that the mobile station further comprises means fordividing the information transferred in said burst into at least twoblocks, and means for ciphering the first block using a first cipheringkey and the second block using a second ciphering key, said first andsecond ciphering keys being different from each other.

Preferred embodiments of the invention are described in the dependentclaims.

BRIEF DESCRIPTION OF THE DRAWING

Embodiments of the invention will now be described in more detail withreference to the accompanying drawing wherein

FIG. 1 shows the allocation of a time slot in a TDMA frame in aconventional connection using one time slot,

FIG. 2 shows the allocation of time slots in a TDMA frame in a HSCSDconnection using multiple time slots,

FIG. 3 illustrates time slot usage in the GSM system,

FIG. 4 illustrates in accordance with the invention ciphering ofinformation encoded into a burst when the burst comprises an evenlydivisible number of information blocks,

FIG. 5 illustrates in accordance with the invention ciphering ofinformation encoded into a burst when the number of information blocksin the burst is not an evenly divisible figure,

FIG. 6 shows in the form of flow diagram a method according to theinvention for ciphering information transfer when the connection usesone time slot,

FIG. 7 shows in the form of flow diagram a method according to theinvention for ciphering information transfer when the connection usesmultiple time slots, and

FIG. 8 shows in the form of block diagram a mobile station according tothe invention and its connection to a cellular system.

FIGS. 1 to 3 were already discussed above in conjunction with thedescription of the prior art, and FIGS. 4 and 5 were discussed inconjunction with the general description of the invention.

DETAILED DESCRIPTION OF THE INVENTION

Referring to FIG. 6, it will be now described in more detail a methodaccording to the invention for ciphering information transfer on acommunications connection using one time slot, and referring to FIG. 7,it will be described a method according to the invention for acommunications connection using multiple time slots. Then, referring toFIG. 8, it will be described an arrangement for realizing a mobilestation according to the invention.

FIG. 6 shows a method according to the invention for ciphering aconnection using one time slot, 600. First, a connection specificciphering key Kc is created and transferred on the information transferchannel so that both the transmitter and receiver use the sameconnection key, step 610. In conjunction with that, normal callestablishment is carried out, step 620. Information to be transferred isdivided into blocks the size of which in the example case is 114 bits,step 630.

Next, a block specific ciphering key Kcs is created in step 650. Thefirst 114-bit block is advantageously encoded using the same cipheringsequence as in the normal single-slot case because Kc0=Kc. For allsubsequent sub-blocks 1 to s it is used distinct ciphering sequencesderived from the corresponding connection specific ciphering keys Kc1 toKcs.

The block specific ciphering key is created using the connectionspecific ciphering key Kc and the sub-block number BM as follows:

Kcs(i)=Kc(i)xorBMs(i)  (1)

In the equation above, xor stands for bitwise binary addition. BM(i)stands for 64-bit binary encoding of the sub-block number BM. Thesub-block number may obtain values in the range 0 to DIV(Y,114), where Yis the total number of information bits to be ciphered in one burst,i.e. the block size. Index s denotes the sub-block index and i denotesbinary form.

In a system using the new modulation method the number of informationbits to be ciphered in the burst is advantageously 200 to 400. If thenumber of bits to be ciphered is e.g. 300, the number of sub-blocks isDIV(300,114)=2. Then the sub-block numbers 0, 1 and 2 are binary-encodedsuch that the bit sequence contains 62 zeros followed by the two leastsignificant bits, which have the value 00, 01 or 10, depending on thesub-block.

Using a block specific ciphering key, a block specific cipheringsequence Scs is created, step 660. After that, an information sub-blockis ciphered using the ciphering sequence block, producing a cipheredinformation block Ccs.

If there are still information blocks in the burst to be ciphered,operation returns to step 650. When all information blocks in the bursthave been ciphered, 680, the ciphered information blocks are modulatedinto the burst and the burst is transmitted to the information transferchannel, step 685. Steps 630 to 685 are continued until the connectionis terminated, 699.

A received burst is decoded following corresponding deciphering steps.

FIG. 7 shows a ciphering method 700 according to the invention in whichinformation transfer in the HSCSD case uses one or more time slots of aTDMA frame. Here, too, a connection specific ciphering key Kc is createdfirst, step 710. After the call has been established, 720, informationin each time slot is divided into blocks Ins, step 730. Then, in step740, a time slot specific ciphering key Kcn is created, where n standsfor the number of the time slot in the TDMA frame. The ciphering key Kcnis generated using the connection specific ciphering key Kc and timeslot number BN as follows:

Kcn(i)=Kc(i)xor(BN<<32(i))  (2)

In equation (2), operation <<32 represents a 32-bit shift.

Then, in step 750, a new connection specific ciphering key Kcns iscreated for the information block in the burst on the basis of thesub-block number BM as follows:

Kcns(i)=Kcn(i)xorBMs(i)  (3)

As mentioned above in conjunction with the description of FIG. 6, xorstands for bitwise binary addition and BM(i) stands for binary encodingof the value of the sub-block number BM into 64 bits. It should be notedhere that the time slot number should be indicated using a differentpart of the bit sequence than that used to indicate the time slot numberin the HSCSD solution, lest the effect of the parameters in themultichannel case be canceled. Namely, if the bits in question aresummed at the same point of the bit sequence, the reliability ofencryption might be degraded because the time slot number and sub-blocknumber are data that a third party could find out. In the HSCSD solutionin use, the bits indicating the time slot are situated in the middle ofthe 64-bit sequence.

The ciphering key produced is used to generate a block specificciphering sequence Scns in step 760 which is used to calculate theciphered information block Ccns, step 770. Steps 750 to 770 are repeateduntil all information blocks in the burst have been ciphered, 780,whereafter the burst is generated and transmitted, 785. Correspondingly,steps 740 to 785 are repeated until all bursts of the time slots used bythe connection have been ciphered and transmitted, 790, after which theoperation returns 795 to step 730 until the connection is terminated,799.

Also in the case of a multislot connection, the deciphering in thereception is carried out according to steps corresponding to those usedin the ciphering in the transmission.

FIG. 8 shows in the form of a simplified block diagram a mobile station800 according to the invention and its connection to a cellular system.The mobile station comprises an antenna 801 to receive aradio-frequency, or RF, signal sent by a base station. The received RFsignal is taken e.g. by means of a duplex filter or switch 802 to a RFreceiver 811 where the signal is amplified and converted digital. Thenthe signal is detected and demodulated in block 812. Block 813 performsdeciphering according to the present invention as well asdeinterleaving. Signal processing is then performed in block 830according to whether the information transferred is speech or data. Datacan be stored as such in the mobile station's memory 804 or,alternatively, processed data are transferred after signal processing toa possible external device such as a computer. Possible processed speechsignal is taken to an earphone (not shown). A control unit controlsaforementioned receiving blocks in accordance with a program stored inthe unit. The control unit controls block 813 in such a manner thatdeciphering of data received from the system is carried out as describedabove.

Transmission from a mobile station in accordance with the invention iscarried out e.g. as follows. Controlled by a control unit 803, block 833performs the signal processing and block 821 performs the interleavingand ciphering according to the invention for the processed signal(data/speech) to be transferred. Bursts are generated from the encodeddata in block 822 which are modulated and, amplified into a transmissionRF signal, block 823. The RF signal to be transmitted is taken to anantenna 801 via a duplex filter 802, for example. Also theaforementioned processing and transmission functions are controlled by acontrol unit 803. Especially the control unit controls block 821 in sucha manner that the information in each burst is ciphered according to theinvention using separate ciphering sequences for each information block.To that end, the control unit reads from the memory 804 the necessaryciphering parameters. In addition, the control unit 803 monitors the SCHchannel to receive the COUNT value. The COUNT value is received at thebeginning of the connection or when the synchronization is restoredafter a visit outside the coverage area or in connection with ahandover.

In addition, FIG. 8 shows a keypad 831 and display 832 belonging to anormal mobile station. Blocks of a mobile station according to theinvention can be formed using known components. However, the controlunit controlling the other units carries out the block control functionsin accordance with special software, thus realizing the aforementionedblock functions according to the invention.

Furthermore, FIG. 8 shows the parts of the cellular system that are usedin the call establishment and information transfer. RF signaltransmission and reception are carried out through an antenna 850 in abase station 851. An information transfer connection is created from thebase station 851 via a base station controller 852 to a switching center853. In addition to other base station systems of the system, theswitching center 853 is connected to a home location register 854 andpublic switched telephone network PSTN, for example.

On the communications system side, the ciphering and decipheringaccording to the invention are performed at a base station by means ofblocks corresponding to those of a mobile station.

It should be noted that in the downlink and uplink directions of aconnection it is possible to use different time slot numbers as well asdifferent ciphering and modulation methods. In addition, the number oftime slots used, the size/number of information blocks in a burst andthe modulation method can be changed also during the connection.

Above the invention was described using certain embodiments as examples.It is however obvious that the invention is not limited to thoseembodiments but can be freely modified within the limits defined by theclaims set forth below.

It should be especially noted that the invention is not limited to theGSM system but can be well applied to other systems using the TDMAmethod and also systems using the code division multiple access, orCDMA, method. Similarly, the invention is not limited to the modulationmethods mentioned above but it can be applied in conjunction with othermodulation methods, too. Furthermore, the invention is not limited todata transfer but can be applied to the transfer of speech as well. Theinvention also comprises ciphering on those signalling channels wherenew modulation might be needed. Such channels in the GSM/EDGE systemcould be e.g. the fast associated control channel FACCH, as well as theSACCH and SDCCH channels. Furthermore, configurations more complex thanthose described can occur in various situations within the scope of theprinciple of the invention.

REFERENCES

[1]ETSI STC SMG2 EDGE Tdoc 332/97: Feasibility Study version 1.0, WorkItem 184: Improved Data Rates through Optimised Modulation, Ericsson,Nokia, Dec. 1-5, 1997.

[2] Draft ETS 300 929: GSM 03.20—version 5.1.0. Digital cellulartelecommunications system (phase 2+); Security related networkfunctions, European Telecommunications standards Institute, March 1997,51 pp.

What is claimed is:
 1. A method for ciphering a mobile communicationsconnection between at least two devices wherein information to betransferred is modulated into at least one burst of a certain fixedlength and the information to be transferred is ciphered according to apredetermined algorithm and ciphering key, wherein informationtransferred in one burst is divided into at least two blocks, the firstblock is ciphered using a first ciphering key (Kcn1), the second blockis ciphered using a second ciphering key (Kcn2), said first and secondciphering keys are different from each other, at least one of said firstand second ciphering keys (Kcns) is generated on the basis of aparameter (COUNT) transferred on a radio frequency information transferchannel of the mobile communications connection, and the number ofinformation blocks transferred in a burst is changed during theconnection between said two devices.
 2. The method of claim 1,characterized in that the size (y) of said block is smaller than theamount of information (Y) transferred in one burst.
 3. The method ofclaim 1, characterized in that the size (y) of the information blockstransferred in a burst is changed during the connection.
 4. The methodof claim 1, characterized in that said information transfer connectioncomplies with the EDGE system.
 5. A system for ciphering an informationtransfer connection between at least two devices in a communicationssystem, said system comprising means for modulating the information tobe transferred into at least one burst of a certain fixed length andmeans for ciphering the information to be transferred by means of apredetermined algorithm and at least one ciphering key, wherein thesystem further comprises means for dividing the information transferredin said burst into at least two blocks, and means for ciphering thefirst block using a first ciphering key and the second block using asecond ciphering key, said first and second ciphering keys beingdifferent from each other, and the system further comprising means forgenerating at least one of said first and second ciphering keys on thebasis of a parameter transferred on a radio frequency informationtransfer channel of a mobile communications connection; and wherein thenumber of information blocks transferred in a burst is changed duringthe connection between said two devices.
 6. A mobile station comprisingmeans for ciphering an information transfer connection with anotherdevice, said means including means for modulating the information to betransferred into at least one burst of a certain fixed length and meansfor ciphering the information to be transferred by means of apredetermined algorithm and at least one ciphering key, wherein themobile station further comprises means for dividing the informationtransferred in said burst into at least two blocks, and means forciphering the first block using a first ciphering key and the secondblock using a second ciphering key, said first and second ciphering keysbeing different from each other, and said mobile station furthercomprising means for generating at least one of said first and secondsaid ciphering keys on the basis of a parameter transferred on a radiofrequency information transfer channel of a mobile communicationsconnection; and wherein the number of information blocks transferred ina burst is changed during the connection between said mobile station andsaid another device.
 7. A method for ciphering a mobile communicationsconnection between at least two devices wherein information to betransferred is modulated into at least one burst of a certain fixedlength and the information to be transferred is ciphered according to apredetermined algorithm and ciphering key, wherein informationtransferred in one burst is divided into at least two blocks, the firstblock is ciphered using a first ciphering key (Kcn1), the second blockis ciphered using a second ciphering key (Kcn2), said first and secondciphering keys are different from each other, at least one of said firstand second ciphering keys (Kcns) is generated on the basis of aparameter (COUNT) transferred on a radio frequency information transferchannel of the mobile communications connection, and the size (y) of theinformation blocks transferred in a burst is changed during theconnection between said two devices.
 8. A system for ciphering aninformation transfer connection between at least two devices in acommunications system, said system comprising means for Modulating theinformation to be transferred into at least one burst of a certain fixedlength and means for ciphering the information to be transferred bymeans of a predetermined algorithm and at least one ciphering key,wherein the system further comprises means for dividing the informationtransferred in said burst into at least two blocks, and means forciphering the first block using a first ciphering key and the secondblock using a second ciphering key, said first and second ciphering keysbeing different from each other, and the system further comprising meansfor generating ciphering key on the basis of a parameter transferred ona radio frequency information transfer channel of a mobilecommunications connection; and wherein the size (y) of the informationblocks transferred in a burst is changed during the connection betweensaid two devices.
 9. A mobile station comprising means for ciphering aninformation transfer connection with another device, said meansincluding means for modulating the information to be transferred into atleast one burst of a certain fixed length and means for ciphering theinformation to be transferred by means of a predetermined algorithm andat least one ciphering key, wherein the mobile station further comprisesmeans for dividing the information transferred in said burst into atleast two blocks, and means for ciphering the first block using a firstciphering key and the second block using a second ciphering key, saidfirst and second ciphering keys being different from each other, andsaid mobile station further comprising means for generating saidciphering key on the basis of a parameter transferred on a radiofrequency information transfer channel of a mobile communicationsconnection; and wherein the size (y) of the information blockstransferred in a burst is changed during the connection between said twodevices.